Vulnerability Details CVE-2022-20221
In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205571133
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.4%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 3.3
References